import { IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultAuth } from "./VaultAuth.js";
import { IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1CAProvider } from "./CAProvider.js";
import { IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultClientTLS } from "./VaultClientTLS.js";
import { IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultKVStoreVersion } from "./VaultKVStoreVersion.js";
import { ModelData, Model } from "@kubernetes-models/base";
/**
 * Configures an store to sync secrets using a HashiCorp Vault
 * KV backend.
 */
export interface IVaultProvider {
    /**
     * Auth configures how secret-manager authenticates with the Vault server.
     */
    "auth"?: IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultAuth;
    /**
     * PEM encoded CA bundle used to validate Vault server certificate. Only used
     * if the Server URL is using HTTPS protocol. This parameter is ignored for
     * plain HTTP protocol connection. If not set the system root certificates
     * are used to validate the TLS connection.
     */
    "caBundle"?: string;
    /**
     * The provider for the CA bundle to use to validate Vault server certificate.
     */
    "caProvider"?: IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1CAProvider;
    /**
     * ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
     * leader instead of simply retrying within a loop. This can increase performance if
     * the option is enabled serverside.
     * https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
     */
    "forwardInconsistent"?: boolean;
    /**
     * Headers to be added in Vault request
     */
    "headers"?: {
        [key: string]: string;
    };
    /**
     * Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
     * Vault environments to support Secure Multi-tenancy. e.g: "ns1".
     * More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
     */
    "namespace"?: string;
    /**
     * Path is the mount path of the Vault KV backend endpoint, e.g:
     * "secret". The v2 KV secret engine version specific "/data" path suffix
     * for fetching secrets from Vault is optional and will be appended
     * if not present in specified path.
     */
    "path"?: string;
    /**
     * ReadYourWrites ensures isolated read-after-write semantics by
     * providing discovered cluster replication states in each request.
     * More information about eventual consistency in Vault can be found here
     * https://www.vaultproject.io/docs/enterprise/consistency
     */
    "readYourWrites"?: boolean;
    /**
     * Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
     */
    "server": string;
    /**
     * The configuration used for client side related TLS communication, when the Vault server
     * requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
     * This parameter is ignored for plain HTTP protocol connection.
     * It's worth noting this configuration is different from the "TLS certificates auth method",
     * which is available under the `auth.cert` section.
     */
    "tls"?: IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultClientTLS;
    /**
     * Version is the Vault KV secret engine version. This can be either "v1" or
     * "v2". Version defaults to "v2".
     */
    "version"?: IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultKVStoreVersion;
}
/**
 * Configures an store to sync secrets using a HashiCorp Vault
 * KV backend.
 */
export declare class VaultProvider extends Model<IVaultProvider> implements IVaultProvider {
    "auth"?: IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultAuth;
    "caBundle"?: string;
    "caProvider"?: IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1CAProvider;
    "forwardInconsistent"?: boolean;
    "headers"?: {
        [key: string]: string;
    };
    "namespace"?: string;
    "path"?: string;
    "readYourWrites"?: boolean;
    "server": string;
    "tls"?: IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultClientTLS;
    "version"?: IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultKVStoreVersion;
    constructor(data?: ModelData<IVaultProvider>);
}
export type { IVaultProvider as IComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultProvider, VaultProvider as ComGithubExternalSecretsExternalSecretsApisExternalsecretsV1VaultProvider };